2009-12-21 20:17:41 +01:00
|
|
|
To: gnupg-announce@gnupg.org, info-gnu@gnu.org
|
|
|
|
Mail-Followup-To: gnupg-users@gnupg.org
|
|
|
|
|
|
|
|
|
|
|
|
Hello!
|
|
|
|
|
|
|
|
We are pleased to announce the availability of a new stable GnuPG-2
|
2012-03-27 11:19:32 +02:00
|
|
|
release: Version 2.0.19.
|
2009-12-21 20:17:41 +01:00
|
|
|
|
|
|
|
The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
|
|
|
|
and data storage. It can be used to encrypt data, create digital
|
|
|
|
signatures, help authenticating using Secure Shell and to provide a
|
|
|
|
framework for public key cryptography. It includes an advanced key
|
|
|
|
management facility and is compliant with the OpenPGP and S/MIME
|
|
|
|
standards.
|
|
|
|
|
2012-03-27 11:19:32 +02:00
|
|
|
GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.12) in
|
2009-12-21 20:17:41 +01:00
|
|
|
that it splits up functionality into several modules. However, both
|
|
|
|
versions may be installed alongside without any conflict. In fact,
|
|
|
|
the gpg version from GnuPG-1 is able to make use of the gpg-agent as
|
|
|
|
included in GnuPG-2 and allows for seamless passphrase caching. The
|
|
|
|
advantage of GnuPG-1 is its smaller size and the lack of dependency on
|
|
|
|
other modules at run and build time. We will keep maintaining GnuPG-1
|
|
|
|
versions because they are very useful for small systems and for server
|
|
|
|
based applications requiring only OpenPGP support.
|
|
|
|
|
|
|
|
GnuPG is distributed under the terms of the GNU General Public License
|
2011-08-04 18:17:22 +02:00
|
|
|
(GPLv3+). GnuPG-2 works best on GNU/Linux and *BSD systems but is
|
|
|
|
also available for other Unices, Microsoft Windows and Mac OS X.
|
2009-12-21 20:17:41 +01:00
|
|
|
|
|
|
|
|
2012-03-27 11:19:32 +02:00
|
|
|
What's New in 2.0.19
|
|
|
|
====================
|
|
|
|
|
|
|
|
* GPG now accepts a space separated fingerprint as a user ID. This
|
|
|
|
allows to copy and paste the fingerprint from the key listing.
|
|
|
|
|
|
|
|
* GPG now uses the longest key ID available. Removed support for the
|
|
|
|
original HKP keyserver which is not anymore used by any site.
|
|
|
|
|
|
|
|
* Rebuild the trustdb after changing the option --min-cert-level.
|
2009-12-21 20:17:41 +01:00
|
|
|
|
2012-03-27 11:19:32 +02:00
|
|
|
* Ukrainian translation.
|
2009-12-21 20:17:41 +01:00
|
|
|
|
2012-03-27 11:19:32 +02:00
|
|
|
* Honor option --cert-digest-algo when creating a cert.
|
2011-01-13 17:04:47 +01:00
|
|
|
|
2012-03-27 11:19:32 +02:00
|
|
|
* Emit a DECRYPTION_INFO status line.
|
2011-01-13 17:04:47 +01:00
|
|
|
|
2012-03-27 11:19:32 +02:00
|
|
|
* Improved detection of JPEG files.
|
2009-12-21 20:17:41 +01:00
|
|
|
|
|
|
|
|
|
|
|
Getting the Software
|
|
|
|
====================
|
|
|
|
|
|
|
|
Please follow the instructions found at http://www.gnupg.org/download/
|
|
|
|
or read on:
|
|
|
|
|
2012-03-27 11:19:32 +02:00
|
|
|
GnuPG 2.0.19 may be downloaded from one of the GnuPG mirror sites or
|
2009-12-21 20:17:41 +01:00
|
|
|
direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors
|
|
|
|
can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG
|
|
|
|
is not available at ftp.gnu.org.
|
|
|
|
|
|
|
|
On the FTP server and its mirrors you should find the following files
|
|
|
|
in the gnupg/ directory:
|
|
|
|
|
2012-03-27 11:19:32 +02:00
|
|
|
gnupg-2.0.19.tar.bz2 (4089k)
|
|
|
|
gnupg-2.0.19.tar.bz2.sig
|
2009-12-21 20:17:41 +01:00
|
|
|
|
|
|
|
GnuPG source compressed using BZIP2 and OpenPGP signature.
|
|
|
|
|
2012-03-27 11:19:32 +02:00
|
|
|
gnupg-2.0.18-2.0.19.diff.bz2 (305k)
|
2009-12-21 20:17:41 +01:00
|
|
|
|
2012-03-27 11:19:32 +02:00
|
|
|
A patch file to upgrade a 2.0.18 GnuPG source tree. This patch
|
2009-12-21 20:17:41 +01:00
|
|
|
does not include updates of the language files.
|
|
|
|
|
2011-08-04 18:17:22 +02:00
|
|
|
Note, that we don't distribute gzip compressed tarballs for GnuPG-2.
|
2009-12-21 20:17:41 +01:00
|
|
|
|
|
|
|
|
|
|
|
Checking the Integrity
|
|
|
|
======================
|
|
|
|
|
|
|
|
In order to check that the version of GnuPG which you are going to
|
|
|
|
install is an original and unmodified one, you can do it in one of
|
|
|
|
the following ways:
|
|
|
|
|
|
|
|
* If you already have a trusted version of GnuPG installed, you
|
|
|
|
can simply check the supplied signature. For example to check the
|
2012-03-27 11:19:32 +02:00
|
|
|
signature of the file gnupg-2.0.19.tar.bz2 you would use this command:
|
2009-12-21 20:17:41 +01:00
|
|
|
|
2012-03-27 11:19:32 +02:00
|
|
|
gpg --verify gnupg-2.0.19.tar.bz2.sig
|
2009-12-21 20:17:41 +01:00
|
|
|
|
|
|
|
This checks whether the signature file matches the source file.
|
|
|
|
You should see a message indicating that the signature is good and
|
|
|
|
made by that signing key. Make sure that you have the right key,
|
|
|
|
either by checking the fingerprint of that key with other sources
|
|
|
|
or by checking that the key has been signed by a trustworthy other
|
|
|
|
key. Note, that you can retrieve the signing key using the command
|
|
|
|
|
|
|
|
finger wk ,at' g10code.com
|
|
|
|
|
|
|
|
or using a keyserver like
|
|
|
|
|
2011-01-13 17:04:47 +01:00
|
|
|
gpg --keyserver keys.gnupg.net --recv-key 4F25E3B6
|
2009-12-21 20:17:41 +01:00
|
|
|
|
2011-01-13 17:04:47 +01:00
|
|
|
The distribution key 4F25E3B6 is signed by the well known key
|
|
|
|
1E42B367.
|
2009-12-21 20:17:41 +01:00
|
|
|
|
|
|
|
NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE
|
|
|
|
INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!
|
|
|
|
|
|
|
|
* If you are not able to use an old version of GnuPG, you have to verify
|
|
|
|
the SHA-1 checksum. Assuming you downloaded the file
|
2012-03-27 11:19:32 +02:00
|
|
|
gnupg-2.0.19.tar.bz2, you would run the sha1sum command like this:
|
2009-12-21 20:17:41 +01:00
|
|
|
|
2012-03-27 11:19:32 +02:00
|
|
|
sha1sum gnupg-2.0.19.tar.bz2
|
2009-12-21 20:17:41 +01:00
|
|
|
|
|
|
|
and check that the output matches the first line from the
|
|
|
|
following list:
|
|
|
|
|
2012-03-27 11:19:32 +02:00
|
|
|
190c09e6688f688fb0a5cf884d01e240d957ac1f gnupg-2.0.19.tar.bz2
|
|
|
|
d5e5643dc5ecb4e5296f1a9500f850cfbfd0f8ff gnupg-2.0.18-2.0.19.diff.bz2
|
2009-12-21 20:17:41 +01:00
|
|
|
|
|
|
|
|
2011-08-04 18:17:22 +02:00
|
|
|
Documentation
|
|
|
|
=============
|
2009-12-21 20:17:41 +01:00
|
|
|
|
2012-03-27 11:19:32 +02:00
|
|
|
The file gnupg.info has the complete user manual of the system.
|
2011-08-04 18:17:22 +02:00
|
|
|
Separate man pages are included as well; however they have not all the
|
|
|
|
details available in the manual. It is also possible to read the
|
|
|
|
complete manual online in HTML format at
|
2009-12-21 20:17:41 +01:00
|
|
|
|
2011-08-04 18:17:22 +02:00
|
|
|
http://www.gnupg.org/documentation/manuals/gnupg/
|
2009-12-21 20:17:41 +01:00
|
|
|
|
2011-08-04 18:17:22 +02:00
|
|
|
or in Portable Document Format at
|
2009-12-21 20:17:41 +01:00
|
|
|
|
|
|
|
http://www.gnupg.org/documentation/manuals/gnupg.pdf .
|
|
|
|
|
2011-08-04 18:17:22 +02:00
|
|
|
The chapters on gpg-agent, gpg and gpgsm include information on how
|
|
|
|
to set up the whole thing. You may also want search the GnuPG mailing
|
|
|
|
list archives or ask on the gnupg-users mailing lists for advise on
|
|
|
|
how to solve problems. Many of the new features are around for
|
|
|
|
several years and thus enough public knowledge is already available.
|
|
|
|
|
2012-03-27 11:19:32 +02:00
|
|
|
Almost all mail clients support GnuPG-2. Mutt users may want to use
|
|
|
|
the configure option "--enable-gpgme" during build time and put a "set
|
|
|
|
use_crypt_gpgme" in ~/.muttrc to enable S/MIME support along with the
|
|
|
|
reworked OpenPGP support.
|
2011-08-04 18:17:22 +02:00
|
|
|
|
2009-12-21 20:17:41 +01:00
|
|
|
|
|
|
|
Support
|
|
|
|
=======
|
|
|
|
|
2011-08-04 18:17:22 +02:00
|
|
|
Please consult the archive of the gnupg-users mailing list before
|
|
|
|
reporting a bug <http://gnupg.org/documentation/mailing-lists.html>.
|
|
|
|
We suggest to send bug reports for a new release to this list in favor
|
|
|
|
of filing a bug at <http://bugs.gnupg.org>. We also have a dedicated
|
|
|
|
service directory at:
|
2009-12-21 20:17:41 +01:00
|
|
|
|
2011-08-04 18:17:22 +02:00
|
|
|
http://www.gnupg.org/service.html
|
2009-12-21 20:17:41 +01:00
|
|
|
|
2011-08-04 18:17:22 +02:00
|
|
|
Maintaining and improving GnuPG is costly. For more than 10 years
|
|
|
|
now, g10 Code, a German company owned and headed by GnuPG's principal
|
|
|
|
author Werner Koch, is bearing the majority of these costs. To help
|
|
|
|
them carry on this work, they need your support. Please consider to
|
|
|
|
visit the GnuPG donation page at:
|
2009-12-21 20:17:41 +01:00
|
|
|
|
2011-08-04 18:17:22 +02:00
|
|
|
http://g10code.com/gnupg-donation.html
|
2009-12-21 20:17:41 +01:00
|
|
|
|
|
|
|
|
|
|
|
Thanks
|
|
|
|
======
|
|
|
|
|
|
|
|
We have to thank all the people who helped with this release, be it
|
|
|
|
testing, coding, translating, suggesting, auditing, administering the
|
|
|
|
servers, spreading the word or answering questions on the mailing
|
2011-08-04 18:17:22 +02:00
|
|
|
lists.
|
2009-12-21 20:17:41 +01:00
|
|
|
|
|
|
|
|
|
|
|
Happy Hacking,
|
|
|
|
|
|
|
|
The GnuPG Team
|